When you get the weather forecast, since you don't know the meteorologist's job it will seem like he is incompetent when you get rained on in what is supposed to be a sunny day. Your expectations of their abilities clouds your understanding of what can really happen.

The same things happen in the IT world. When those in charge have clouded vision (some even wear bloody blindfolds) they will have no useful understanding of how to manage an IT project. I believe that in the London area this is not the first demonstration that government types are fairly blind to how to successfully complete a major IT project. In fact, there have been so many stories of such blindness from London that it makes one wonder how they planned to use IT to manage all those cameras.

Anyway, when you only know two companies that want to do the job... whose CEOs happen to drink in the same club that you do..... errr well, a change in name should be good enough. After all, it worked for those blokes who make voting machines in America. Right!

What are they supposed to do?
"Oh, these people are all stupid. Lets chuck em out and get some better ones."
The problem isn't that they can't solve the problem. The problem is, they're being employed to try in the first place.
Raise taxes. Make public transportation absolutely free. Watch cars on the road go down. Watch societal energy requirements go down. Watch population redistribute themselves along the public transportation corridors, reducing energy requirements further. Watch everyone get that little bit richer as a consequence. Problems solved.
The strategy makers are the problem.

For the most part Oyster cards work extremely well. Two downtimes in several years isn't the worst thing ever considering the number of people with travelcards on their Oyster cards who are paying regardless of whether the system is up or down at a particular time.

Without Oyster the entire network would grind to a halt at peak hours due to added processing time (even to put a ticket through the tube gate machines, never mind queues and buying bus tickets instead of simply swiping).

There isn't any room to raise taxes right now, they've done it consistently over the past 11 years until people have very little spare cash. Anyway, Oyster works in London, which has the congestion charge for cars, so most people don't drive to work here if they don't have to. If they did they wouldn't ever get to work.

The only issue is the Oyster card hack, that took years to appear. But the track record is pretty impressive, so choosing them as the supplier seems quite a sensible solution to me. At least it wasn't one of the waste of time governmental contractors like EDS who just absorb public money in return for nothing or freedom-inhibiting systems.

I would have to agree that the Oyster card has all-in-all been a success. I used to live in London in the late 90's and at peak times you would have 20-person queues at each barrier-gate as the millions of people who use the "tube" daily tried to insert their paper card in the the narrow slit.

Using the tube on recent holiday to the U.K. I noticed things certainly seemed to go smoother with the majority of people swiping a card above a sensor at much greater speed than previously.

This is an example of technology making things easier and more efficient for the end-user. Exactly what technology should do.

Ever notice how the people who make the snarky remarks about communism always have houses full of objects that were manufactured in communist countries, and yet, somehow, they still manage to feel that their society is superior, even though they're nothing but con artists and goons when you get right down to it?

Their society is superior. They have managed to subjugate the communist country and make its populace make cheap running shoes. There are but a few ways to measure societal superiority and for most of history that's been it. So there!

The problem is that London's transport system can't cope the the volume of passengers that use it at the moment. Make it free, and the whole system will completely melt down from the number of people using it.

Very few people drive to work in London, as parking is way more expensive than public transport, and there is congestion charge on top.

Unless I'm misunderstanding, it's not writing to them, it's overloading them. RFID works a bit like a crystal set radio, they're powered off the transmission and use that power to transmit a signal back. Transmit a powerful enough signal to them, and you fry the chip.

The system is asynchronous, with the current balance and ticket data held electronically on the card rather than in the central database. The main database is updated periodically with information received from the card by barriers and validators. Tickets purchased online or over the telephone are "loaded" at a preselected barrier or validator./quote

Well, with a server-side solution, you just have to make sure that every turnstile can call a central server and process a transaction in less than 200ms. This includes the turnstiles in buses and in remote locations...

Truth is, every transportation system with more than a few fixed turnstile stores the rights of the user locally, in the smartcard chip. Of course, transactions logs are analysed every night and it is usually possible to detect incoherences between the values stored in the card and the reference value stored in the server. In that case, the ID of the misbehaving card is placed on a "hot list" and the card cannot be used anymore.

Of course, this works only if you use real cryptographic algorithms (like 3DES or AES) to protect the content of the card instead of relying on a vendor's snake oil.

Sure, this is pretty much the system I describe in the second part of my post. However, my point was that you need to store something in the card that tell the turnstile whether the card is valid or not: you do not want to admit someone because he presents a generic RFID card to the turnstile. And this exchange must be authenticated to detect fake cards right away. If the cards are not authenticated but simply detected after the fact and placed on a hot list, a cracker simply have to generate a new card eve

Yeah, sure. That's why transport operators with half a clue use standard cryptographic algorithms to protect the content of their cards instead of proprietary, unpublished algorithms like the Oyster card.

2. If the card is damaged to the point where it no longer works, you lose your remaining balance.

Storing the data in the card does not prevent you from mirroring it on a server.

The objections you rise are valid. Thankfully the smartcard industry knows how to handle them.

The first link is related to the Mifare hack. Mifare cards are insecure, this has been known for a long time. Now I will grant you that the response from the MTBA and NXP have been distateful but predictable.

The second link is an "Analysis of an Electronic Voting System" so it has nothing to do with the security of smartcards per se. If Diebold doesn't know how to implement a secure voting system, this cannot be blamed on smartcards.

The third link points to a PR from the Smart Card Alliance ("a nonprofit in

The second link is an "Analysis of an Electronic Voting System" so it has nothing to do with the security of smartcards per se. If Diebold doesn't know how to implement a secure voting system, this cannot be blamed on smartcards.

Read down to the third section. Hint: the title of the section is "Smartcards" and goes into reasonable detail about "smartcard-based attacks against the voting terminals".

I did. The last paragraph says it all:

Diebold uses an insecure protocol that makes them vulnerable to counterfeit smartcards. Modern smartcards can perform cryptographic operations, allowing for more sophisticated protocols. If Diebold used such protocols, their system would be robust against our attacks.

In other words, Diebold picked an insecure protocol to communicate with its smartcards. This cannot be blamed on smartcards or on the smartcards industry (Diebold does not belong to this industry).

The third link points to a PR from the Smart Card Alliance ("a nonprofit industry body representing several large vendors of smart-card and RFID technologies") pointing out flaws in the government plans for RFID passports. That's a pretty responsible move for an industry body that's supposed to lobby on behalf on its constituents.

Responsible, yes... "Here's a bunch of valid reasons why our technology is entirely unsuitable for the intended purpose, which we ought to point out before someone outside the loop figures it out anyway." Kudos to them for coming clean, but it still doesn't get them any closer to actually finding a viable solution to the problem.

Solutions do exist. However, for unknown reasons, some governments decided not to use them. The US governement is one of the them.

This is a good rule when the customer can do whatever he wants with the client, including reading and modifying values in memory. So this is true for PCs. Smartcards are different in the sense that they are designed to prevent the customer from accessing and modifying the content of the card. Of course, given enough time and money, everything can be cracked. Now, in some cases it is possible that the convenience of storing the data locally, in the chip, outweighs the risks. The people in charge of the deplo

It has to work like this in order to work on buses. The buses upload their data to the central database at the end of their route. AFAIK the other forms of transport (underground & train) use 'live' data.

Oyster was designed for very high transaction rates spread across a large number of access points (not all fixed, the same cards are used on the buses) with low value transactions, querying the server at every transaction would only slow the process of getting onto public transport slower for negligible gain.

Oyster is basically designed to query the card, deduct the amount needed for the ticket and check the ticket is used to get out at the right station.

It's really not stupid given that the oyster card has to work across the whole tube, bus, DLR and train networks, on hand-held devices that conductors carry around the busses as well as barriers, turnstiles and 100 different ticketing systems. The Oyster card system works exceptionally well given the millions of transactions that occur daily. Changing suppliers would be an incedibly difficult move to make given the "if it ain't broke don't fix it" rule.

I don't know about you, but I base my designs *not* trusting the client (the card, in this case). I would give the buses/train terminals a little more intelligence and have them communicate with the central DB. In the event of a comm failure, let the rider pass, but reconcile the difference later. Their design pushes *all* the onus on the card providing valid data, which leaves it wide open to hacking.

So, who here from London has the misfortune of having to use Bank or Monument Stations? I'm staggered how they can fuck something like replacing an escalator up.

Just for everyone who doesn't know what I'm talking about, here's the lowdown:

TFL are replacing the escalators that connect Bank and Monument stations together. How long do you think this should take? 2 weeks? 1 month? Nope, here's how long:

18 months.

18 months to replace a fucking escalator. The building opposite where I work was put up quicker than that! Meanwhile, the poor bastards who have to use the station all have to walk down a corridor that's been designed to only take a 1/4 of the volume it's experiencing now.

I love the advert projectors too, especially the one they've placed right in front of the LCD screen so you can't tell when the next train is due.

I noticed that too in Toronto, but I also noticed that the escalators in a lot of other places (notably a bunch of Chapters locations, stores, etc) seemed to also break down quite frequently. The stores tended to get things fixed a bit faster than the TTC, but overall I'm wondering if there's a shortage of escalator repair-persons or perhaps the parts are in short supply (I've heard that many parts come from overseas - Germany I think - and are available only from a very small number of suppliers).

They changed some escalators in the Montreal (Montreal, Quebec, Canada) metro too and it seemed like it took forever.

I recall the escalator change at the Guy Concordia station taking at least 12 months, more like 14 I believe.

Now they also have their new Opus system, which looks very similar to the Oystercard system. It's ridiculous. It's slow, their refill terminals are running Windows XP and I've seen them crash, and all the seniors using the subway are utterly confused.

The back story is that TFL awarded this contract to Metronet. After a year of delay, Metronet went bust. So TFL took a few months to rethink, and re-awarded the contract to Tubelines.

My friend has spent the last three months trying to get the basic design information out of Metronet and their sub-contractors. They are refusing to provide any, or dragging their feet so slowly that they get the same effect. So Tubelines are having to design the new escalator again from scratch.

Better not mention that this card will enable the authorities to track all travel. They have already got rid of paying by cash on a lot of bus routes, forcing cash payers to pay twice as much as the Oyster payers to "encourage" the card use. To aid this, they have recently got rid of the pre-pay paper *1 tickets under disguise of mass fraud *2. Also children under 16 get "free" *3 travel using Oyster whilst data is actually being secretly collected for the governments ID card system.

Better not mention that this card will enable the authorities to track all travel.

I depend on the public transportation infrastructure of New York City, and I wish "the authorities" (ooo, spooky) would start tracking all travel here already.

Right now, what does the MTA know about subway usage patterns? They know how many people get into the system at each station (thanks to electronic fare control gates), and have a pretty good idea of how many people exit the system at each station (not all exit gates hav

> If every passenger's entrance and exit points from the system were recorded> individually, that data could be analyzed to make the entire system more efficient.

And think of the targeted advertising possibilities were your name, address, and banking details attached to that complete record of your travel patterns (not to mention the opportunities to detect "suspicious behavior").

And think of the targeted advertising possibilities were your name, address, and banking details attached to that complete record of your travel patterns (not to mention the opportunities to detect "suspicious behavior").

Who said anything about my name address, and banking details? All the transit card needs to contain is a GUID and a balance of how many credits I have left.

Targeted advertising? Bring it on. I'd much rather stare at ThinkGeek posters while I wait on the platform than Dr. Zizmor's patient

Comments here that gripe about the UK, always seem to focus on privacy and the state. But transport in London and the rest of the UK is our real embarrasment.

Entirely foreign owned, manned by minimum-wage slaves who can't speak a word of English and run by greedy, grossly incompetent asshats the UK public transport system is a disgrace. It's a dirty, unreliable, overcrowded, polluting, expensive, piss poor apology for a public transport system. On a good day.

Roads and railways close at random. Everything is at a halt while speed cameras, penalty travel fines and congestion zones rob any traveller of money to feed the machine. We have a war on travel in the UK.

It has a staggering downtime. On any random day, particualrly at weekends, you will find whole subnetworks of the UK public transport system closed off due to 'engineering works'. You'll often get stranded in some back of beyond town and need to hire a taxi, hitch-hike, sleep in a hotel (or if you have no money in a station). Surely no other system in the world is this much of a fucked up, crumbling mess.

The airport and railway authorities are laws unto themselves, still wielding ancient bylaw legislation from the days when it was a National state run transport system. Passengers are just unwanted cattle. The fare structures are unfathomable, even if you have a degree in maths and logistics just try working out the best ticket to buy. They change the names of products and prices at random to stop any customers or intermediate sellers getting settled. They misrepresent contract law, making specious pseudo-legal announcements telling lies about where and when you must buy a ticket in order to maximise their profits. Station staff who could once help you have been sacked and replaced with machines and ticket barriers.

Lord only knows what it costs our economy! The UK government and the private companies that run our roads and railways are a complete and utter failure at transport policy. I honestly think they have an agenda to halt the entire country and make sure everyone stays in their homes.

You have a system in London that supports 4.5 million riders a day, in a city of 7.3 million. That's nearly 2/3 of the population.

Here in America, most of our major metropolitan areas have abortive mass transit systems that support closer to 1/10th of their population. Diesel buses are the workhorses of our transit systems and carry the vast majority of our transit commuters. Most are standing-room-only, thanks to the gas prices of the past few years and infrequent service. Most of our metro areas are just now starting to build small light-rail transit lines to supplement the bus service.

Be thankful you don't live in the Atlanta or Phoenix areas. At least you can get to "some back of beyond town" on your system. On ours, you're lucky if it's even theoretically possible to do a weekday commute.

I'd say that the vast majority of your post doesn't apply to the London transport system. I've visited a couple of times this year and was amazed by how efficient and useful it was. Everything seemed to be within walking distance of a Tube or DLR station.

Compare with Glasgow where the subway has never, ever been expanded from the single circle line, which doesn't really go anywhere now that the shipbuilding areas have collapsed. They've been talking about extending it for a while now but nothing seems to

Don't get me started on the slave labor... after all this terrorist shizzle they removed all the wastebins from the big stations so would-be terrorists couldn't plant bombs in them.

What did they do about all the rubbish collecting on the floor? Hired hundreds of minimum wage foreign nationals with no security vetting from countries which see terrorism far more frequently than the UK.

On any random day, particualrly at weekends, you will find whole subnetworks of the UK public transport system closed off due to 'engineering works'. You'll often get stranded in some back of beyond town and need to hire a taxi, hitch-hike, sleep in a hotel (or if you have no money in a station).

Alternatively, you could make use of the Rail Replacement Bus Service which is provided for you by the rail companies during engineering works.

They seldom stop full lines on the London Underground either, except the Circle line, which has to keep going around in the same direction and is covered by other lines along all four sides, and the Waterloo and City, which has only two stations. Your example of the Jubilee line is only a short section between Stratford and North Greenwich, and if other underground rail operators are able to run for 7 years with trains up to every 3 minutes 5am - 1am without major maintenance, then they are asking for heada

To be fair railway track replacement takes place over weekends to minimise the disruption to commuters and contractors face massive fines if the track isn't ready to be returned to service at the end of a blockade. Worn out track is dangerous and has to be operated at reduced speed at best.

Roads wear out too, although to be fair the biggest disruptions are caused by accidents. The last couple of days has seen a couple of fatalities on the A1 and massive tailbacks near Doncaster for example.

Honestly, I have lived and travelled extensively. The UK must be the only country in the world (ok, I don't know this, but golly, it feels like that) that closes the transport systems in Xmas and New Year's day.

The instances where the fee barely covers the cost of collecting are always in less urbanized areas.
In major cities, like New York and London, the fees cover most of the cost of transportation. In fact one of the things NYC's MTA is always complaining about is that the State and Federal government give huge amounts to subsidize suburban and rural public transportation and give practically nothign to the city

Yes, that's 3 billion pounds (American billion) give or take a bit, which is more than the GDP for most of the smaller African nations. Apparently this is all used to cover operating costs [google.com], although annual operating cost is actually in the region of 1.2 billion pounds [tfl.gov.uk] (PDF warning, see section 3).

Got a link to support that 6.5 billion figure? Per my earlier link above, the UK government itself is claiming operating costs are 1.2 billion... Even assuming your ticket revenue figure is correct, that's still a 25% profit.

Over here it's called "Snapper" (continuing the nautical theme). I'm pleased to report that while it hasn't actually anything up much as originally intended, it hasn't slowed anything down either. In other words it's not a big shambling mess like the UK version.

I am still trying to figure out why they put it in in the first place, with its inspiration being plagued with issues.

You seem to have the impression that the oyster card is no good. Actually it is great - much faster, more convenient and cheaper (artificially admittedly) than using paper tickets. It also has high uptime (only down two days in the last several years, and it's not like that was bad for anyone because they just made transport free).

As for the security flaws. They have only managed to change the 'cached' cash value on the card. When the back-end notices the discrepancy then the card can be banned. Although it

And not mentioning the fact that, contrary to how they were initially advertised, there is no prospect of being able to use them with more than one bus company, or on any other form of public transport (e.g. suburban trains, cable cars).

In spite of that, I don't really have anything much against them, except that I would very much like to have the choice of whether to use them or some other form of money-saving advance purchase (such as those that used to be

So the Transport organization formed a new contract with the same parties that failed them before. HOWEVER, the new contract is much more robust, with many more protections for the transport authority, and many more penalties for the provider if and when they fail.

So what exactly wrong with this? That someone who screwed up got a new contract?

Let me say that there are very few organizations that have the ability to deliver ANY service in this area. Having a contractor with a track record and some history of failure doesn't mean that the contractor aren't the best choice for the job.

should be free. It'd take a large, complex function out of running a transit system, and simplify travel. I wonder what percentage of a fare dollar goes to managing the fare collection?

Of course, outfits like the AAA don't like the idea of transit riders getting, er, a free ride. But you don't pay to drive on a freeway, and that's pretty expensive to keep up. You don't pay the cost of the pollution you emit either. A big city like London ought to do everything it can to reduce the impact of cars: the traffic, pollution, parking problems and so forth.

I'm not saying this is a solution for smaller cities , but for huge cities, especially old huge cities like London or New York, cars just aren't a reasonable solution to moving people around; the density of the cities makes them impractical. You could try to keep them out, of course, with high bridge tolls, but I think it makes much more sense to make public transit really, really easy to use: no fare zones, no fare cards, no toll collectors, nothing.

I live in London and I'm well aware of the problems and benefits of driving through it compared to using public transport.

One of my friends who drives everywhere thought it'd be a good idea to drive to Kings Cross from surrey, so me, another friend and the driver set off and get to about Croydon quite quickly, at this point I suggest we park the car somewhere safe and go there by public transport.

He refused even though we both tried to tell him about how much hell London is on a friday rush-hour, so the oth